Bitcoin Forum
Author Topic: John Nash created bitcoin  (Read 22179 times)
alkan
Full Member
***
Offline Offline

Activity: 149
Merit: 103


View Profile
April 10, 2017, 06:06:22 PM
 #141

Quote from: iamnotback
Besides the shadow elite are apt to love the altcoin I will launch, because they will see it as yet another speculation that falls under Bitcoin's umbrella.

Why would they love a currency that is designed to be truly decentralized? Please be more specific on that.

My favorite quote in the broader context is a comment made by Vitalik a long time ago:

Quote
Bitcoin "solves" the problems behind Byzantine fault tolerance, quorum systems, etc by completely ignoring the past 30 years of research on the topic, and introducing a very simple construction that bypasses all of the issues entirely by using the concept of proof of work. Don't get me wrong, Bitcoin is a brilliant idea, but it's the sort of brilliant idea which is actually more likely to come to you if you were NOT bogged down by existing research on how to do things. Satoshi's primary gift was not deep knowledge, it was a fresh perspective.

iamnotback
Sr. Member
****
Offline Offline

Activity: 336
Merit: 265



View Profile
April 10, 2017, 06:10:53 PM
 #142

Quote from: iamnotback
Besides the shadow elite are apt to love the altcoin I will launch, because they will see it as yet another speculation that falls under Bitcoin's umbrella.

Why would they love a currency that is designed to be truly decentralized? Please be more specific on that.

Because they don't think anything can be. They will view it as another speculation or if necessary something they can capture when needed.

My favorite quote in the broader context is a comment made by Vitalik a long time ago:

Quote
Bitcoin "solves" the problems behind Byzantine fault tolerance, quorum systems, etc by completely ignoring the past 30 years of research on the topic, and introducing a very simple construction that bypasses all of the issues entirely by using the concept of proof of work. Don't get me wrong, Bitcoin is a brilliant idea, but it's the sort of brilliant idea which is actually more likely to come to you if you were NOT bogged down by existing research on how to do things. Satoshi's primary gift was not deep knowledge, it was a fresh perspective.

That describes John Nash.
iamnotback
Sr. Member
****
Offline Offline

Activity: 336
Merit: 265



View Profile
April 10, 2017, 06:12:36 PM
 #143

Moderated threads are going to be much more pleasant.

Every shit talker's noise will simply go poof.

Almost done here. This thread is not properly moderated.
BitWhale
Sr. Member
****
Offline Offline

Activity: 279
Merit: 250



View Profile
April 10, 2017, 06:14:21 PM
 #144

^ yes, then you will be able to control everything, won't it be great? Hell, you can even remove any reply to the thread so it's just nothing but yourself just how you like it buddy! It's like xmas for a sociopath.

I think it is YOU that's learning that you should stop replying to "idiots" that "aren't worth your time". You are nearly living by the words you preach brethren.
iamnotback
Sr. Member
****
Offline Offline

Activity: 336
Merit: 265



View Profile
April 10, 2017, 06:19:26 PM
 #145

Those on my Ignore list (BitWhale was added), will get their posts deleted without even being read. This will foster civilized discussion.

Eliminating the baboons can only make the S/N ratio much higher.
alkan
Full Member
***
Offline Offline

Activity: 149
Merit: 103


View Profile
April 10, 2017, 06:23:40 PM
 #146

Quote from: iamnotback
Besides the shadow elite are apt to love the altcoin I will launch, because they will see it as yet another speculation that falls under Bitcoin's umbrella.

Why would they love a currency that is designed to be truly decentralized? Please be more specific on that.

Because they don't think anything can be. They will view it as another speculation or if necessary something they can capture when needed.

I assume you meant "decentralized". But that leaves us with a dilemma:
a) They think it because they are very smart and proved the impossibility of decentralized currencies before releasing Bitcoin. Though that would mean that your design would turn out as impossible as well. Either because it's impossible as such or because it will finally get captured by them.
b) They didn't prove it and just think (or hope) it. In that case they would be very dumb (and thus cannot be called an "elite") since they must have been aware of the risk that someone would eventually come and fix Bitcoin's flaw of becoming centralized.
BitWhale
Sr. Member
****
Offline Offline

Activity: 279
Merit: 250



View Profile
April 10, 2017, 06:25:27 PM
 #147

I consider that a success, this "idiot" who wasn't worth his "time" had to be ignored in order for him to live by what he said. I guess that's one way to do it.

Now let's start the replying to the "others in the thread" about blank and pretend like we aren't actually directly talking to each other. I love this part! :p
iamnotback
Sr. Member
****
Offline Offline

Activity: 336
Merit: 265



View Profile
April 10, 2017, 06:29:21 PM
 #148

Somebody forgot to take their meds today.
BitWhale
Sr. Member
****
Offline Offline

Activity: 279
Merit: 250



View Profile
April 10, 2017, 06:34:16 PM
 #149

Quote from: iamnotback
Somebody forgot to take their meds today.

Would you like me to get you a glass of water? I think the Nash/millionaire delusions are coming back.

Quote from: iamnotback
Those on my Ignore list (BitWhale was added), will get their posts deleted without even being read. This will foster civilized discussion.
Eliminating the baboons can only make the S/N ratio much higher.

I thought I was on ignore?

I hope you don't say things you don't mean about your super-duper amazing multi-gagillion dollar altcoin you are creating, because what you SAY and DO are clearly two different things lmao.

God man, you really aren't as bright as you like to make yourself out to be are you? Why would you respond to that? I was literally done.
iamnotback
Sr. Member
****
Offline Offline

Activity: 336
Merit: 265



View Profile
April 10, 2017, 06:39:37 PM
Last edit: April 11, 2017, 09:56:43 AM by iamnotback
 #150

I think we could continue this forever.

Until his F5 key craps out.

Let's take this to the absurdum that he wants to prove.

When this thread has 100 pages of his nonsense, then we'll see if the moderator takes action or not.
BitWhale
Sr. Member
****
Offline Offline

Activity: 279
Merit: 250



View Profile
April 10, 2017, 06:40:45 PM
 #151

lol we could, or we could kiss and make up and you just admit that all skeptics aren't idiots and that we got off on the wrong foot.
iamnotback
Sr. Member
****
Offline Offline

Activity: 336
Merit: 265



View Profile
April 10, 2017, 06:41:55 PM
 #152

I don't need to read, I can just type my reply.

Thought you were a clever fuck didn't you?

NaNaNa, NaNaNa, Hey, Hey, Goodbye.

Go take your meds dufus.
BitWhale
Sr. Member
****
Offline Offline

Activity: 279
Merit: 250



View Profile
April 10, 2017, 06:48:16 PM
 #153

lol what a perfectly worded comment. It's almost as if it was crafted to look like he didn't read and just replied :D I guess we will never know.

You thought you were a clever fuck didn't you? ;)

Really though, I was done 3 comments ago. It's similar to how a cat gets bored after the mouse he's playing with dies.
iamnotback
Sr. Member
****
Offline Offline

Activity: 336
Merit: 265



View Profile
April 10, 2017, 06:50:36 PM
 #154

Back for sloppy seconds I see.

No need to read, for we know what he be.
iamnotback
Sr. Member
****
Offline Offline

Activity: 336
Merit: 265



View Profile
April 10, 2017, 06:56:23 PM
 #155

Quote from: anonymous in PM
I will use moderated threads from now. I resisted because I despise censorship. But I need to consider that I am not of much value to the community if I am expending time fighting instead of producing.

Moderated threads = yes

I don't know if you've heard of Athene and his "Logic Nation" - https://logicnation.org/

Athene's Theory of Everything
https://www.youtube.com/watch?v=dbh5l0b2-0o

Science Finds God (documentary / sci-fi short film)
https://www.youtube.com/watch?v=SXDw73rToPE

One of the debates regarding his "cult" - "logic nation":
[Livestream Debate] Glink vs Athene: "Click" Cult, Logic, and Reality
https://www.youtube.com/watch?v=EWq1VNk6T2g

(doesn't matter if you watch those videos, just want to let you know how he - as someone with huge audience - deals with trolls)

He had 100k+ followers when he was gaming. Millions of people heard about him.
Seems like it was his plan for ~15 years to just build an audience
for his project (he wanted to have proof of concept before going public with it).
He explained (I don't have source for this atm, but heard it in one of debates) that
he must ban trolls (mainly from his twitch channel),
it's simply not worth his time to constantly explain basics over and over again.
He learned by trial and error e.g. he didn't ban trolls at first - he gave them a chance,
but seeing that trolling never ends, he bans them on sight:

Athene bans "fuckin moron" debater after just 1 min!
https://www.youtube.com/watch?v=XOTvuJnf4yk
Ok maybe he overreacted there a bit, but I couldn't find a better example :)


And yes, he received some negative feedback, but in the long run it pays off.
No one's gonna miss a few trolls.

So... it kinda reminds me of you.

To me as a reader, it makes sense. You are better off with moderated threads.
You are not only saving your time, you are also saving our (readers) time.
People who want to learn can just browse your post history - or simply click your links
(no need to ask questions which you explained few posts ago).

I just wanted to clear up doubts (if you had any) whether to moderate threads or no - go for it. It's worth it.

Thank you.

Yes I see now that is the only reasonable way to have quality discussions.
IadixDev
Full Member
***
Offline Offline

Activity: 322
Merit: 151


They're tactical


View Profile WWW
April 10, 2017, 07:06:05 PM
Last edit: April 10, 2017, 09:01:29 PM by IadixDev
 #156

It just occurred to me now how reward seeking is completely the base variable for game theory algorithm :o

https://sites.google.com/a/nau.edu/game-theory/about/philosophy

In Economics, Game Theory models the behavior of individuals as if they are participating in a game. Much like any other game, they are playing to receive some sort of payoff or benefit. The goal of the game is to attain the highest reward for themselves by using any strategies available to them. Risk dominance and payoff dominance are two related refinements of the Nash Equilibrium solution concept in game theory defined by John Harsanyi and Reinhard Selten (Risk Dominance, 2013).

So it's still possibly someone familiar with game theory and mathematics. I was looking for links from mathematics jargon in the code.


Now I can completely see the equation with risk taking = computing a hash, reward = coin emission for the block miner, and how the thing is tied together with the proba/risk as work, and how low risk taking leads to seeking consensus on mutual benefit, and leads to an equilibrium.

Where the force of the market aka speculators/whales are still separated from decision power by risk taking of computing hash to win the reward, and they won't manipulate directly the network even if they own a large part of the data it holds.

And it still makes it so everyone will keep relaying the good transactions, either speculators/whales or miners, with different risk taking (buying the coin / computing a proba hash (difficulty = 1/rateof (xx))), and different reward (coin emission for miner, high coin value for whales). Well, it still needs more thinking to get it completely, but the similarities in thinking with game theory math start to appear to me ;D

I'm sure a good mathematician could pull out the 2x2 matrices with coefficients being reward & difficulty (aka risk), weighted on if the risk is computing hash or buying coin, and deduce the good parameters for it to reach equilibrium on consensus. ( ! ;D fatal genius )

It's a bit more twisted than this because miners also get benefits from a high price of the coin, and also you would expect PoW difficulty to get higher as trading volume & market cap increase due to higher coin value. And the inflation rate of the block reward also crosses the speculators' reward (and maybe involves a risk for them).

I really wonder if the parameters are pulled out of Matlab now

I'm sure it's a very simple 2D stuff in game theory now with difficulty/reward with trading and mining ;D



But it's hard to get how he went from the math theory to the code, or from business problematic to math and to the code.

If he went from math and ideal concept to the application code, there is definitely a break in the chain somewhere and at least 2 persons involved.

But Satoshi Nakamoto looks more like a project name based on concept of balance and source of balance, involving persons from different expertise, and probably inspired by Nash in some part.


jonald_fyookball
Legendary
*
Offline Offline

Activity: 1302
Merit: 1004


Core dev leaves me neg feedback #abuse #political


View Profile
April 10, 2017, 10:09:31 PM
 #157

WOAH...guys....


guys... guys...

you're obviously overlooking the OBVIOUS here:

John Nash was AMERICAN....mkay???

Satoshi Nakamoto was JAPANESE.....

DUHHHHHHH.....

so he's not Satoshi, stupid.

unbelievable.


dinofelis
Hero Member
*****
Offline Offline

Activity: 770
Merit: 629


View Profile
April 11, 2017, 06:10:58 AM
 #158

The point of using 160 bits is compression of block size. What is the #1 issue of Bitcoin right now? Block size.

The 160 bits is more than the 128-bit security level of the 256-bit ECC.

It is a perfectly balanced and clever choice.

A priori, by hashing the public key, you don't win, but you LOSE space on the chain.  The reason is that you should consider an input and an output together.  A UTXO by itself is worthless if it is not spent one day.  So you have to consider both together.

Now, if in the output, you HASH the public key, you will have to publish that key openly in the corresponding future input, because otherwise, nobody will be able to check the signature.  If, on the other hand, you publish the public key at the output directly, without a hash, you don't have to repeat that at the corresponding input, you only have to specify the signature as everyone can go and get the public key to check it.  

--> hashing the public key adds a bit load equal to the hash length.

There are seemingly only two valid reasons to hash the public key:

1) you think that the public key scheme is vulnerable in the long term
2) you want to separate long term and short term security.

It is true that hashing the public key of 256 bits (which has a security of 128 bits) INCREASES its security to the level of the number of hashed bits if that number is between 128 and 256.  So it is true that a hashed key to 160 bits, is 160 bits secure, while the key itself is only 128 bits secure.  This 160 bit security is maintained until the key is published in a transaction.

However, let us make a small calculation.  Consider H the hash length, and K the key length.

Let us call long term security L, and short term security S.

Let us call B the total bit cost of an input and an output.

If there is no hashing, that is, if you directly publish the public key from its outset, then:

L = S = K/2

B_nohash = 3 K = 6 L = 6 S

(because there is the public key of length K, and the signature size is twice the key length, hence 3K)

If there is hashing, and we assume H between K and 2 K, then:

L = H

S = K / 2

B_hash = H + 3 K = L + 6 S

I will now show you why there's some craziness in this scheme:
Take Satoshi's system: L = 160 bits, S = 128 bits, which makes his B_hash(160,128) = 928.

Suppose that I would have taken L = 160 bits overall: B_nohash(160) = 960.

So I would only have used 32 bits on about 1 K more to have OVERALL SECURITY of 160 bits.

The hashing wins me 3% of room, to decrease the ECC security from 160 to 128 bits.

If I would have a direct address with a 320 bit ECC key, I would use about as much room on the block chain, as Satoshi's scheme, which LOWERS the security of ECC to 128 bit in the short term.

If I consider 128 bits enough, I would  have B_nohash(128) = 768 bits, which is about 20% less room.

In other words, apart from a suspicion on the fragility of ECC, there was no point in doing what he did.  And if there is a suspicion on that fragility, it is very wasteful to take a useless 256 bit key which would in any case easily be cracked by assumption.

iamnotback
Sr. Member
****
Offline Offline

Activity: 336
Merit: 265



View Profile
April 11, 2017, 06:22:09 AM
Last edit: April 11, 2017, 09:01:56 AM by iamnotback
 #159

Quote from: dinofelis
There are seemingly only two valid reasons to hash the public key:
1) you think that the public key scheme is vulnerable in the long term
2) you want to separate long term and short term security.

I already told you that if the public key were exposed for a longer (indefinite!) time, so you would need to increase the security of the public key.  But to what level given quantum computing may be coming?

And 256-bit was about the upper limit of what was available and well accepted in 2008.

I remember seeing that 256-bit was only expected to be recommended security for ECC for only another decade or so.

https://www.keylength.com/en/3/

https://www.keylength.com/en/compare/

Quote from: dinofelis
I will now show you why there's some craziness in this scheme:
Take Satoshi's system: L = 160 bits, S = 128 bits, which makes his B_hash(160,128) = 928.
Suppose that I would have taken L = 160 bits overall: B_nohash(160) = 960.
So I would only have used 32 bits on about 1 K more to have OVERALL SECURITY of 160 bits.
The hashing wins me 3% of room, to decrease the ECC security from 160 to 128 bits.

You are not accurately accounting for the savings in portion of UTXO that must be stored in DRAM (for performance) versus what can be put on SSDs. Without that in DRAM, then the propagation time for blocks would be horrendous and the orphan rate would skyrocket (because nodes can't propagate block solutions until they re-validate all transactions due to the anonymity of who produced the PoW). 320-bit public keys (i.e. 160-bit security) in UTXO would require 100% more (double the) DRAM.

Satoshi just nailed you to the cross. :P

Quote from: dinofelis
And if there is a suspicion on that fragility, it is very wasteful to take a useless 256 bit key which would in any case easily be cracked by assumption.

You are not assimilating all the information I already provided to you.

The public keys can be hacked off the users' wallets. So we need more than trivial security there for the ECC public key cryptography.

Another reason (in addition to the compression of UTXO) to hash the values on the block chain is because when the use of a quantum computer is detected, we have some protection against chaos and can map out a strategy for burning the values to a new design securely. Hashes are much more likely to be quantum computing resistant.

Satoshi's cryptography choices are so clever and obtuse that even a very smart person as yourself takes a long time to finally grasp his genius. That indicates how genius Satoshi is. When we find that PhDs (college professors?) are offended by the notion of Satoshi being a genius, and such PhDs are committing Dunning-Kruger blunders when analyzing Satoshi's work, then we have a very strong indication that Satoshi's IQ was in the 180+ range. For example, when listening to Freeman Dyson or John Nash (180+ IQ for both) speak initially the unsophisticated observer (not you @dinofelis) might conclude they are not super intelligent. But that is simply because the observer is incapable of perceiving the depth of complexity being communicated so concisely. I have had public+private discussions with college professor Jorge Stolfi on Reddit in 2016 and generally thought him to be intelligent and mathematical, but I was shocked to read his myopic presentation to the SEC recently concerning the decision on the approval of the ETF.

If we appreciate how rare 180 IQ is, then we understand that the set of people who could have been Satoshi is quite small.

P.S. readers I don't know who @dinofelis is. And I would guess he is probably more formally trained than I am in math and Physics and other STEM fields. I have some areas of programming level expertise that he may not have (not sure about that though). My main talent is I am a highly creative non-conventional thinker, similar to John Nash but lacking the full breadth of Nash's mathematical genius. I was nowhere near a teenage math genius but this could be because I was so into athletics and also I wasn't even exposed to learning materials until about 8th grade (my parents had me in inner city public schools and changing schools every 6 months). I did ace Calculus at a college in night session while I was still in high school. My SAT was high in math but not a perfect score (although I had a hangover and still slightly drunk when I took it). I wasn't interested in studying for standardized tests and I never showed up for my math classes in high school, yet still aced the exams. In short, I excelled on the things I was motivated to excel on but more interested in my intellectual and athletic hobbies than in conforming with the structured curriculum. At the university, I hated to attend lectures and would learn independently and also doing my own research on things I was interested in the library. And spending the rest of my time partying and playing sports.
dinofelis
Hero Member
*****
Offline Offline

Activity: 770
Merit: 629


View Profile
April 11, 2017, 08:36:00 AM
Last edit: April 11, 2017, 09:06:55 AM by dinofelis
 #160

Quote from: dinofelis
There are seemingly only two valid reasons to hash the public key:
1) you think that the public key scheme is vulnerable in the long term
2) you want to separate long term and short term security.

Quote from: iamnotback
I already told you that if the public key were exposed for a longer (indefinite!) time, so you would need to increase the security of the public key.  But to what level given quantum computing may be coming?
And 256-bit was about the upper limit of what was available and well accepted in 2008.

Well, this is the kind of cryptographic "common sense" that doesn't make sense.  As I said before, one has to assume, in a cryptographic design, that the cryptographic primitives are about at the security level that is known - for the simple reason that one cannot predict the deterioration of its security level by future cryptanalysis.  As far as one goes, it can be total.

Let us take a very simplistic example to illustrate what I mean (it is simplistic, for illustrative purposes, don't think I'm a cretin like that :) ).  Suppose that we take as a group, the addition group modulo a prime number, and that we don't know that multiplication forms a field with it.  We could have the "discrete log" problem in this group, where "adding together n times" the generator g, a random number between 1 and  p-1, is the "hard problem to solve", exactly as we do in an elliptic group.  Suppose that we take p a 2048 bit number.  Now THAT's a big group, isn't it?  Alas, the Euclidean division algorithm solves my "discrete logarithm" problem as fast as I can compute the signature!

2048, 4096, 10^9 bit key, it doesn't matter: the difficulty of cracking goes polynomially with the difficulty of using it ! (Here, even linearly!).

So the day that one finds the "Euclidean division" in an ECC, it is COMPLETELY BROKEN.  The time it takes a user to calculate his signature, is the time it takes about, for an attacker to calculate the secret key from the public key.  As such, the ECC has become a simple MAC, and it doesn't even last 3 seconds once the key is broadcast.

--> if we assume that ECC will be broken one day, bitcoin's crypto scheme is IN ANY CASE not usable.  This is why the "common sense" in cryptography, of "protecting primitive crypto building blocks because we cannot assume they are secure" is just as much a no-go as the other common sense of security by obscurity.  It sounds logical, but it is a fallacy.  You think ECC will be broken, don't use it.  And if you use it, accept its security level as of today.  Because you cannot foresee HOW HARD it will be broken, and if it is totally broken, you are using, well, broken crypto.

Now, what is the reason we can allow LOWER security for the exposed public key, than for the long-term address in an output ?  The reason is a priori (and I also fell into that trap - as I told you before, my reason for these discussions is only to improve my proper understanding and here it helped) that the public key needs only to secure the thing between broadcasting and inclusion in the chain.  But as you point out, that can take longer if blocks are full than 10 minutes.  This can be a matter of hours.  Also, in micro channel spending, you have to expose your public key to the counter party for the time the channel is open.

Now, if we are on a security requirement of days or weeks, then there's essentially not much difference between days or weeks, and centuries.  The factor between them is 10000 or so.  That's 16 bits.  A scheme that is secure for days or weeks, only needs 16 bits of extra security, to be secure for centuries ====>  there is no reason to nitpick on 16 bits if we are talking about 128 bits or so.
There is no reason to introduce "short term security" if this is only 16 bits less than the long term security level.

In other words, if you are afraid that 160 bits isn't good enough in ECC for the long term, well, then 128 bits (as it is now) is not good enough either in the short term.  If you think a "quantum computer" can crack a 320 bit ECC key in 50 years, then that quantum computer will be able to crack a 256 bit ECC key in less than a day.

So you may very well protect an address with an unbreakable hash of 160 bits for 50 years your quantum computer breaks its teeth on, the day that you use that address in a micro-payment channel, by the evening the key is cracked.

Quote
You are not accurately accounting for the savings in portion of UTXO that must be stored in DRAM (for performance) versus what can be put on SSDs. Without that in DRAM, then the propagation time for blocks would be horrendous and the orphan rate would skyrocket (because nodes can't propagate block solutions until they re-validate all transactions due to the anonymity of who produced the PoW).

Of course not.  You don't have to keep all UTXO in DRAM of course.  You can do much smarter database lookup tables.  If the idea is that a node has to keep all UTXO in RAM, then bitcoin will be dead soon.

Quote
Satoshi just nailed you to the cross. :P

Nope, Gavin Andresen is talking bullshit and confuses cryptographic hashes and lookup table hashes.

http://qntra.net/2015/05/gavin-backs-off-blocksize-scapegoats-memory-utxo-set/

If you need to keep a LOOKUP HASH of UTXO, then that doesn't need cryptographic security.  There's no point in having 160 bit hashes if you can only keep a few GB of them in memory !  160 bit lookup hashes means you expect of the order of 2^160 UTXO to be ordered.  Now try to fit 2^160 things in a few GB of RAM ;)

You only need about a 48 bit hash of the UTXO to keep a database in RAM.  That doesn't need to be cryptographically secure.  Completely crazy to keep 160 bit hashes as LOOKUP HASHES in a database hash table !   And there are smarter ways to design lookup tables in databases than keeping a long hash table in RAM, ask Google :)

I'm not even putting this on the back of Satoshi.  I claim he made sufficient errors for him not to be a math genius but he is a smart guy nevertheless.  I can criticise him because of hindsight, I'm absolutely not claiming to be at his level.  But I claim that he's not of the type of math genius as a guy like Nash.  This is the kind of argument I'm trying to build.  

But SUCH stupid errors, I don't even think Satoshi is capable of.  It is Gavin Andresen who is talking bullshit to politically limit block size.  If ever it is true that RAM limits the amount of UTXO in a hard way, then bitcoin is dead from the start.  But it isn't.

This is a very interesting read BTW:

http://satoshi.nakamotoinstitute.org/emails/cryptography/2/

Quote
>Satoshi Nakamoto wrote:
>> I've been working on a new electronic cash system that's fully
>> peer-to-peer, with no trusted third party.
>>
>> The paper is available at:
>> http://www.bitcoin.org/bitcoin.pdf
>
>We very, very much need such a system, but the way I understand your
>proposal, it does not seem to scale to the required size.
>
>For transferable proof of work tokens to have value, they must have
>monetary value.  To have monetary value, they must be transferred within
>a very large network - for example a file trading network akin to
>bittorrent.
>
>To detect and reject a double spending event in a timely manner, one
>must have most past transactions of the coins in the transaction, which,
>  naively implemented, requires each peer to have most past
>transactions, or most past transactions that occurred recently. If
>hundreds of millions of people are doing transactions, that is a lot of
>bandwidth - each must know all, or a substantial part thereof.
>


Long before the network gets anywhere near as large as that, it would be safe
for users to use Simplified Payment Verification (section 8) to check for
double spending, which only requires having the chain of block headers, or
about 12KB per day. Only people trying to create new coins would need to run
network nodes. At first, most users would run network nodes, but as the
network grows beyond a certain point, it would be left more and more to
specialists with server farms of specialized hardware.
A server farm would
only need to have one node on the network and the rest of the LAN connects with
that one node.


The bandwidth might not be as prohibitive as you think. A typical transaction
would be about 400 bytes (ECC is nicely compact). Each transaction has to be
broadcast twice, so lets say 1KB per transaction. Visa processed 37 billion
transactions in FY2008, or an average of 100 million transactions per day.
That many transactions would take 100GB of bandwidth, or the size of 12 DVD or
2 HD quality movies, or about $18 worth of bandwidth at current prices.


If the network were to get that big, it would take several years, and by then,
sending 2 HD movies over the Internet would probably not seem like a big deal.

Satoshi Nakamoto

---------------------------------------------------------------------

The first piece in bold is the network configuration we talked about earlier: the backbone of miner nodes, and all others directly connecting to it, no more P2P network. (has nothing to do with the current subject, but I thought it was interesting to note that Satoshi already conceived the miner centralization from the start).

The second part is indeed considering bitcoin scaling on chain to VISA-like transaction rates, with the chain growing at 100 GB per day.  He's absolutely not considering a P2P network here, but a "central backbone and clients" system.

The point however, is the fact that most certainly, he doesn't think of any RAM limits on cryptographic hashes and hence on the maximum amount of existing UTXO permissible.
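
The additive-group thought experiment from dinofelis's post above, worked through as an added example (it is not part of the thread). The Mersenne-prime moduli and all function names are choices made for this illustration; it shows that in (Z_p, +) recovering the secret scalar costs about as many steps as the modulus has bits, whatever the key size.

```python
import secrets

# Moduli are Mersenne primes 2**e - 1, picked for this illustration because they
# are easy to write down; 2203 bits stands in for the post's "2048 bit number".
EXPONENTS = (521, 2203, 4423)


def scalar_mul(n, g, p):
    """'Add g to itself n times' in the additive group modulo p."""
    return (n * g) % p


def extended_gcd(a, b):
    """Iterative extended Euclid.

    Returns (d, x, y, steps) with a*x + b*y == d == gcd(a, b); steps counts
    the division steps, which grows linearly with the bit length of the inputs.
    """
    x0, y0, x1, y1 = 1, 0, 0, 1
    steps = 0
    while b:
        q, r = divmod(a, b)
        a, b = b, r
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
        steps += 1
    return a, x0, y0, steps


def recover_scalar(h, g, p):
    """Solve n*g == h (mod p) for n: divide by g, i.e. multiply by g^-1 mod p."""
    d, x, _, steps = extended_gcd(g % p, p)
    if d != 1:
        raise ValueError("g is not invertible modulo p")
    return (h * x) % p, steps


def demo(exponent):
    """Pick a random generator and secret, publish h = n*g, then recover n."""
    p = 2**exponent - 1
    g = secrets.randbelow(p - 1) + 1      # public generator in 1..p-1
    n = secrets.randbelow(p - 1) + 1      # secret scalar in 1..p-1
    h = scalar_mul(n, g, p)               # public value
    recovered, steps = recover_scalar(h, g, p)
    return recovered == n, steps, p.bit_length()


if __name__ == "__main__":
    for e in EXPONENTS:
        ok, steps, bits = demo(e)
        print(f"{bits:5d}-bit modulus: secret recovered={ok} in {steps} Euclid steps")
```

Doubling the modulus size roughly doubles the step count for the legitimate user and for the party inverting the operation alike, which is the post's point that key length buys nothing once the group structure gives the inversion away.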
